Endpoint Protection

 View Only

Adobe publishes emergency patch for exploited Flash vulnerability  

Jun 23, 2015 03:29 PM


Adobe has published a Security Bulletin for the Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3113). The new Security Bulletin, APSB15-14, identifies a heap buffer overflow vulnerability which affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged reports of this vulnerability being exploited in the wild in limited targeted attacks.

The following versions of Adobe Flash Player are vulnerable:

  • Adobe Flash Player and earlier versions for Windows and Mac OS X
  • Adobe Flash Player Extended Support Release version and earlier 13.x versions for Windows and Mac OS X
  • Adobe Flash Player and earlier 11.x versions for Linux

Symantec Security Response is continuing to monitor the situation for additional information related to this vulnerability and will provide further guidance once it is available.

We recommend applying the vendor-supplied patches to mitigate possible exploitation. Updates can be obtained directly from the Adobe Flash Player Download Center or by accepting the update prompt through the installed product. Versions of Flash Player embedded in Chrome and Internet Explorer can be updated to non-vulnerable versions by updating the respective browsers.

Update–June 30, 2015:
Symantec has implemented the following detections to protect users from exploits that attempt to take advantage of this Adobe Flash Player vulnerability:



  • Web Attack: Adobe Flash Player CVE-2015-3113

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.